-- The MAILING DATE of this communication appears on the cover sheet with the correspondence address --

Period for Reply

A SHORTENED STATUTORY PERIOD FOR REPLY IS SET TO EXPIRE 3 MONTH(S) FROM
THE MAILING DATE OF THIS COMMUNICATION.

- Extensions of time may be available under the provisions of 37 CFR 1.136(a). In no event, however, may a reply be timely filed
after SIX (6) MONTHS from the mailing date of this communication.

- If the period for reply specified above is less than thirty (30) days, a reply within the statutory minimum of thirty (30) days will be considered timely.

- If NO period for reply is specified above, the maximum statutory period will apply and will expire SIX (6) MONTHS from the mailing date of this communication.

- Failure to reply within the set or extended period for reply will, by statute, cause the application to become ABANDONED (35 U.S.C. § 133).

- Any reply received by the Office later than three months after the mailing date of this communication, even if timely filed, may reduce any
earned patent term adjustment. See 37 CFR 1.704(b).

Status

1) [X] Responsive to communication(s) filed on 16 July 2004.

2a) [X] This action is FINAL. 2b) [ ] This action is non-final.

3) [ ] Since this application is in condition for allowance except for formal matters, prosecution as to the merits is
closed in accordance with the practice under Ex parte Quayle, 1935 C.D. 11, 453 O.G. 213.

Disposition of Claims

4) [X] Claim(s) 1-31 is/are pending in the application.

4a) Of the above claim(s) _____ is/are withdrawn from consideration.

5) [ ] Claim(s) _____ is/are allowed.

6) [X] Claim(s) 1-31 is/are rejected.

7) [ ] Claim(s) _____ is/are objected to.

8) [ ] Claim(s) _____ are subject to restriction and/or election requirement.

Application Papers

9) [ ] The specification is objected to by the Examiner.

10) [X] The drawing(s) filed on 01/18/2000 is/are: a) [X] accepted or b) [ ] objected to by the Examiner.

Applicant may not request that any objection to the drawing(s) be held in abeyance. See 37 CFR 1.85(a).

11) [ ] The proposed drawing correction filed on _____ is: a) [ ] approved b) [ ] disapproved by the Examiner.

If approved, corrected drawings are required in reply to this Office action.

12) [ ] The oath or declaration is objected to by the Examiner.

Priority under 35 U.S.C. §§ 119 and 120

13) [ ] Acknowledgment is made of a claim for foreign priority under 35 U.S.C. § 119(a)-(d) or (f).

a) [ ] All b) [ ] Some* c) [ ] None of:

1. [ ] Certified copies of the priority documents have been received.

2. [ ] Certified copies of the priority documents have been received in Application No. _____.

3. [ ] Copies of the certified copies of the priority documents have been received in this National Stage
application from the International Bureau (PCT Rule 17.2(a)).

* See the attached detailed Office action for a list of the certified copies not received.

14) [ ] Acknowledgment is made of a claim for domestic priority under 35 U.S.C. § 119(e) (to a provisional application).

a) [ ] The translation of the foreign language provisional application has been received.

15) [ ] Acknowledgment is made of a claim for domestic priority under 35 U.S.C. §§ 120 and/or 121.

Attachment(s)

1) [X] Notice of References Cited (PTO-892)

2) [ ] Notice of Draftsperson's Patent Drawing Review (PTO-948)

3) [ ] Information Disclosure Statement(s) (PTO-1449) Paper No(s) _____.

4) [ ] Interview Summary (PTO-413) Paper No(s) _____.

5) [ ] Notice of Informal Patent Application (PTO-152)

6) [ ] Other: _____

DETAILED ACTION



Response to Arguments 

1. In response to communications filed on 7/16/2004, Applicant amends claims 1-3, 5-6, 9-11,
13-14, 18-19, 21-23, and 27. The following claims 1-31 are presented for examination.



2. The amendments to claim 1, filed on 7/16/2004, have been considered. The rejection 
under 35 USC 112 has been withdrawn.

3. Applicant's arguments, see pages 9-13, filed on 7/16/2004, with respect to the rejection 
of claims 1-31, under 35 USC 103 (a) have been fully considered but they are not persuasive. 
Applicant has amended the independent claims 1, 14, 23 to further limit the claimed invention. 
However, upon further consideration, the cited art Birrell et al. from the previous Office Action 
discloses the added claim limitations, therefore Applicant has not overcome the prior art and the 
claims are still rejected in view of the combined references from the previous Office action. 
Birrell discloses generating a policy state token that is used as an authentication of the client to
the transparent proxy. 

Regarding the dependent claims, the teaching of Callaghan and Shrader in combination 
with other references in the previous Office Action still applies as far as disclosing other 
limitations not challenged by Applicant. 

Claim Rejections - 35 USC § 103

4. The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or 
described as set forth in section 102 of this title, if the differences between the subject matter 
sought to be patented and the prior art are such that the subject matter as a whole would have 
been obvious at the time the invention was made to a person having ordinary skill in the art to 
which said subject matter pertains. Patentability shall not be negatived by the manner in which 
the invention was made. 

4.1 Claims 1-8, 12-13, and 23-30 are rejected under 35 U.S.C. 103(a) as being unpatentable
over US Patent 2002/0007317 to Callaghan et al. in view of US Patent 5,805,803 to Birrell et
al.

4.2 As per claim 1, Callaghan et al. substantially teaches a method for brokering state 
information exchanged between computers using at least one protocol above a transport layer, 
the method comprising the steps of receiving at a proxy a request from a client requesting a 
resource of an origin server (page 6, paragraph 86); redirecting the client request from the proxy 
to a policy module (page 6, paragraph 86); obtaining enforcement data provided by the policy 
module (page 6, paragraph 87); generating at the proxy a policy state token in response to the 
policy enforcement data (page 6, paragraph 87); and transmitting the policy state token from the 
proxy to the client (page 6, paragraph 87). Callaghan et al. does not explicitly state using a 
transparent proxy. A transparent proxy is well known in the art. Birrell et al. in an analogous
art teaches using a transparent proxy as an intermediate application and further discloses the
generating step of a policy token wherein the policy state token is used as an authentication of
the client to the transparent proxy, so that the services provided are transparent to the user and the
identity of the user can be securely authenticated without any modification of the clients
themselves when access to private resources is desired, for example (see column 5, lines
33-46; column 3, lines 30-60 and column 4; and column 2, lines 20-60). Therefore, it would
have been obvious to one of ordinary skill in the art at the time the invention was made to
modify the method of Callaghan et al. to use a transparent proxy as an intermediate application
and to generate a policy token wherein the policy state token is used as an authentication of the
client to the transparent proxy, so that the services provided are transparent to the user and the
identity of the user can be securely authenticated without any modification of the clients
themselves when access to private resources is desired, as taught by Birrell et al. This
modification would have been obvious because one skilled in the art would have been motivated
by the suggestions provided by Birrell et al. to provide services that are transparent to the user and
to securely authenticate the identity of the user without any modification of the clients
themselves when access to private resources is desired.

As per claims 2-3, both references teach further comprising the step of receiving at the 
proxy a renewed request for the origin server resource, the renewed request containing the policy 
state token, wherein the renewed request contains the policy state token in a cookie in a header 
sent from the client to the proxy, for example (page 6, paragraph 87, Callaghan) and (column 4,
Birrell). 

As per claim 4, Callaghan et al. teaches the step of forwarding to the origin server a 
portion of the renewed request, the forwarded portion omitting the policy state token (see page 6, 
paragraphs 88-90). Callaghan et al. further teaches in other embodiments the step of stripping 
off the state token (see page 4, paragraph 61 and page 5, paragraph 81). 

As per claim 5, Birrell et al. discloses receiving at the proxy a reply from the origin 
server, the reply containing an origin state token for use by the proxy in its subsequent 
communications with the origin server, for example (see column 4, lines 51-65). Therefore, 
claim 5 is rejected on the same rationale as the rejection of claim 1. 

As per claim 6, Callaghan et al. teaches further comprising the steps at the proxy of 
forwarding to the client at least a portion of a communication from the origin server, and 
forwarding to the origin server at least a portion of a communication from the client (page 5, 
paragraphs 81-82). 

As per claims 7-8, Callaghan et al. teaches the limitation of wherein HTTP or HTTPS is 
a protocol used during at least one of the receiving and transmitting steps (page 6, paragraph 86). 

As per claim 12, Callaghan et al. teaches the limitation of wherein the obtaining step
extracts policy enforcement data from a redirection address field (see page 6, paragraphs 86-87).
The proxy obtains the enforcement data from a redirection field by the browser. In case of a
policy module in a separate server, it is apparent to one skilled in the art that the proxy will
forward the redirection address field to the server.

As per claim 13, Callaghan et al. teaches the limitation of wherein the transmitting step 
transmits the policy state token in a cookie in a header sent from the proxy to the client (page 6, 
paragraph 87). 

As per claims 23 and 28, claims 23 and 28 disclose the same inventive concept as 
recited in claim 1 except for implementing the claimed method in a computer system. 
Callaghan et al. substantially teaches a pair of state information brokering signals embodied in a 
distributed computer system, the system containing a client, a transparent proxy server having a 
transparent proxy server address, and a policy module having a policy module address (see page 
3, paragraphs 44-48). Callaghan et al. discloses in figure 1 a computer system with terminals 
that meets the recitation of signals from the computer, the pair of signals comprising: a first 
signal including a redirection command which specifies the policy module address as a 
redirection target (see page 6, paragraphs 86-87); and a second signal including a redirection 
command which specifies the transparent proxy server address as a redirection target and also 
including policy enforcement data which grants or denies authorization for the client to use a 
service of the transparent proxy server (see page 6, paragraphs 86-87). Callaghan et al. further 
discloses the address for the policy module for the user to enter data and the address of the proxy
on the POST request. Callaghan et al. discloses the limitations of claim 23, but does not teach a
transparent proxy. A transparent proxy is well known in the art. Birrell et al. in an analogous
art teaches using a transparent proxy as an intermediate application and further discloses the
generating step of a policy token wherein the policy state token is used as an authentication of
the client to the transparent proxy, so that the services provided are transparent to the user and the
identity of the user can be securely authenticated without any modification of the clients
themselves when access to private resources is desired, for example (see column 5, lines
33-46; column 3, lines 30-60 and column 4; and column 2, lines 20-60). Therefore claims 23
and 28 are rejected on the same rationale as the rejection of claim 1.

As per claim 24, Callaghan et al. teaches the limitation of wherein the first signal 
includes an identity broker address as the policy module address (see page 6, paragraphs 86-87). 

As per claim 25, Callaghan et al. teaches the limitation of wherein the first signal 
includes a login server address as the policy module address (see page 6, paragraphs 86-87). 



As per claim 26, Callaghan et al. teaches the limitation of wherein the second signal 
includes the policy enforcement data embedded in an address field with the transparent proxy 
server address (see page 6, paragraphs 86-87). 

Claim 27 is similar to the rejected claim 1, except for incorporating the claimed method
of claim 1 into a computer medium. Therefore, claim 27 is rejected on the same rationale as the
rejection of claim 1.

As per claim 29, Callaghan et al. teaches the limitation of wherein the method further 
comprises the steps of accepting the proxy cookie at the transparent proxy with a renewed client 
request for the origin server resource, and forwarding the renewed client request to the origin 
server without the proxy cookie (see page 6, paragraphs 88-90). Callaghan et al. further teaches 
in other embodiments the step of stripping off the state token (see page 4, paragraph 61 and page 
5, paragraph 81). 

As per claim 30, Callaghan et al. teaches the limitation of wherein the method 
further comprises the step of transparently forwarding the requested resource from the origin 
server to the client (see page 6, paragraphs 88-89). 

5. Claims 9-11, and 31 are rejected under 35 U.S.C. 103(a) as being unpatentable over US
Patent 2002/0007317 to Callaghan et al. in view of US Patent 5,805,803 to Birrell et al. as
applied to claims 1-8 above and further in view of US Patent 6,374,359 to Shrader et al.

5.1 As per claim 10, Callaghan et al. substantially teaches the claimed method of claim 1
and further teaches the use of application programming interface. Callaghan et al. does not 
explicitly teach the LDAP application. Shrader et al. in an analogous art teaches LDAP as a 
software to provide authentication information about the client (column 4, lines 14-26).
Therefore, it would have been obvious to one of ordinary skill in the art at the time the
invention was made to modify the method as combined above to use LDAP to authenticate the
user as taught by Shrader et al. This modification would have been obvious because one
skilled in the art would have been motivated by the suggestions provided by Birrell et al. to use
any other protocol to provide authentication in the communications between the client and the
server.

Claims 9 and 11 are similar to the rejected claim 10 except for utilizing Novell 
Directory Services and SSL software respectively instead of LDAP. Shrader et al. uses LDAP 
only as an illustration but states that any other server administrative application can be 
implemented in the invention (column 4, lines 15-20 and lines 53-65). Therefore, claims 9 and 
11 are rejected on the same rationale as the rejected claim 10. These applications are known in 
the art as also present in applicant's references. 

As per claim 31, Callaghan et al. substantially teaches the step
of generating at the proxy a policy state token in response to the policy enforcement data (page 6, 
paragraph 87); transmitting the policy state token from the proxy to the client (page 6, paragraph 
87); receiving the proxy cookie from the client with a renewed client request for the origin server 
resource (page 6, paragraph 87), and accepting the policy enforcement data (page 6, paragraphs 
88-90). Callaghan et al. does not teach using another proxy to perform the tasks. To a person 
skilled in the art it is apparent that another backup proxy will perform the same function. 
Shrader et al. in an analogous art teaches using multiple proxies that support LDAP (column 5,
lines 1-25). It is apparent that other servers are capable of doing the job when one server fails, so
receiving the first proxy cookie at a second transparent proxy is not departing from the spirit and
scope of the teaching of Shrader et al. Therefore, claim 31 is rejected on the same rationale as
the rejection of claims 9-11 above.

6. Claims 14-22 are rejected under 35 U.S.C. 103(a) as being unpatentable over US Patent 
5,805,803 to Birrell et al.

6.1 As per claims 14-17, Birrell et al. substantially teaches a transparent proxy server
comprising: a memory configured at least in part by a transparent proxy process; a processor for 
running the transparent proxy process; at least one link for networked communication between 
the transparent proxy process, on the one hand, and a client computer and an origin server, on the 
other hand, for example (see figure 1 and column 3, lines 30-67); Birrell et al. also discloses a 
policy module identifier which identifies a policy module that grants or denies authorization of 
proxy services to the client computer by acquiring policy enforcement data and attempting to 
authenticate the client computer to the transparent proxy process in response to the policy 
enforcement data and wherein the client computer directs a request for a resource to an origin 
server and the request is transparently intercepted by the transparent proxy process and used to 
determine the policy module identifier which identifies the policy module, for example (see 
column 4, line 1 through column 5, line 12). To one of ordinary skill in the art, the web
server has a memory and a processor to run the proxy process and the network can have any
number of clients and servers with at least one with the policy module as disclosed by Birrell et
al.

Application/Control Number: 09/484,691
Art Unit: 2136

As per claim 18, Birrell et al. teaches the step of receiving a request from the client for a 
resource of the origin server; sending the client an authorization by the policy module for the 
client to use a transparent proxy service; accepting the authorization from the client with a 
renewed client request for the origin server resource; forwarding the renewed client request to 
the origin server without forwarding the authorization but with an indication to the origin server 
that the transparent proxy server is the source of the forwarded request, and then transparently 
forwarding the requested resource from the origin server to the client, for example (see column 
4, line 1 through column 5, line 18 and figure 2; and column 3, lines 29-67). 

As per claim 19, Birrell et al. teaches the limitation of wherein the transparent proxy
server sends the client the authorization by sending the client a proxy cookie for use in 
subsequent communications from the client, for example (see column 4, lines 58-64). 

As per claims 20-22, claim 20 adds another proxy with similar limitations as the rejected 
claim 14. Birrell et al. substantially teaches the claimed method of claim 14 in combination 
with at least one additional transparent proxy server which also has a memory configured at least 
in part by a transparent proxy process, a processor for running the transparent proxy process, a 
link, and a policy module identifier. To one of ordinary skill in the art, the network can
comprise any number of clients and servers as disclosed by Birrell et al., for example (column
3, lines 30-67). Birrell et al. substantially teaches forwarding a request from one computer to
another. It is apparent to one skilled in the art that if two servers are combined the handling of the
request can still be performed by one. These modifications and variations, as well known in the
art, of applying Birrell's invention to more than one server require routine skill in the art and
do not depart from the spirit and scope of the invention disclosed by Birrell, for example (see
column 5, lines 39-52). Plurality of servers are also discussed in some of the cited prior arts such
as Blum and Shrader.

Conclusion 

7. Applicant's amendment necessitated the new ground(s) of rejection presented in this 
Office action. Accordingly, THIS ACTION IS MADE FINAL. See MPEP § 706.07(a).
Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).

A shortened statutory period for reply to this final action is set to expire THREE 
MONTHS from the mailing date of this action. In the event a first reply is filed within TWO 
MONTHS of the mailing date of this final action and the advisory action is not mailed until after 
the end of the THREE-MONTH shortened statutory period, then the shortened statutory period 
will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 
CFR 1.136(a) will be calculated from the mailing date of the advisory action. In no event,
however, will the statutory period for reply expire later than SIX MONTHS from the date of this 
final action. 

7.1 Any inquiry concerning this communication or earlier communications from the
examiner should be directed to Carl Colin whose telephone number is 571-272-3862. The 
examiner can normally be reached on Monday through Thursday, 8:00-6:30 PM. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Ayaz Sheikh can be reached on 571-272-3795. The fax phone number for the 
organization where this application or proceeding is assigned is (703) 872-9306. 

Any inquiry of a general nature or relating to the status of this application or proceeding 
should be directed to the receptionist whose telephone number is 703-305-3900. 



Carl Colin 




Patent Examiner 